Updated on 2023-05-15 GMT+08:00

Configuring Spark2x Data Encryption During Transmission

Scenario

This section describes how to configure encryption for Spark2x security channels to enhance security.

Procedure

To modify parameters, log in to FusionInsight Manager, click Cluster and choose Services > Spark2x. On the displayed page, click Configurations and click All Configurations. Enter a parameter name in the search box.

After the configuration, restart the corresponding service for the settings to take effect.

Table 1 Parameters

Parameter

Description

Default Value

spark.authenticate

Whether to enable Spark internal security authentication

Security mode: true

Normal mode: false

spark.authenticate.enableSaslEncryption

Whether to enable encrypted communication based on Simple Authentication and Security Layer (SASL)

Security mode: true

Normal mode: false

spark.network.crypto.enabled

Whether to enable RPC encryption based on Advanced Encryption Standard (AES)

Security mode: true

Normal mode: false

spark.network.sasl.serverAlwaysEncrypt

Whether to disable unencrypted connections for ports with SASL authentication enabled

false

spark.network.crypto.keyLength

Length of the encryption key to be generated

256

spark.network.crypto.keyFactoryAlgorithm

Algorithm used to generate the encryption key

PBKDF2WithHmacSHA1

spark.io.encryption.enabled

Whether to enable local disk I/O encryption

Security mode: true

Normal mode: false

spark.io.encryption.keygen.algorithm

Algorithm used to generate the I/O encryption key

HmacSHA256

spark.io.encryption.keySizeBits

Size of an I/O encryption key, in bits

256

spark.ssl.ui.enabled

Whether to enable Secure Sockets Layer (SSL) authentication for the web UI connection

Security mode: true

Normal mode: false